POLITICS

Meet Jonathan Mayer, The Stanford Ph.D. Student Who's Reverse-Engineering The NSA

02/18/2014 01:14 pm ET | Updated Feb 18, 2014
Matt Sledge

The National Security Agency is not, as a matter of policy, very forthcoming. Even eight months after Edward Snowden's revelations began tumbling out, the agency projects a purposeful murkiness.

But Snowden isn't the only young computer whiz lifting the NSA's shroud of secrecy. Jonathan Mayer, a 27-year-old Stanford Ph.D. student whose research on the agency's capabilities is so singular it was cited in the White House NSA review panel report, is building "a science of surveillance" to piece together what the government is doing in our name.

Curly haired and affable, Mayer met up with HuffPost in December at a bustling coffee shop in San Francisco's Mission District. Mayer was previously well-known in tech circles for the work he began as a Princeton undergraduate on how advertisers -- and presidential campaigns -- track web users. But in recent months he has turned his attention away from private corporations and toward the government.

Simply by assuming the agency is making full use of its powers within the legal constraints it has been given, Mayer has been able to piece together a disturbing portrait of its reach.

And he's done it, in the best tradition of computer hackers, using off-the-shelf resources: he has scoured through previously secret court filings for technical details about the NSA's activities, and he built an app that users can install on their phones to see how much their call metadata reveals.

Mayer's research has shown that the agency's call-tracking program might be even bigger than previously thought. He detailed how trivially easy it is for the NSA to connect individual names to the metadata it collects in droves. And in the research referenced by the White House panel, he revealed how the NSA "ensnares ordinary Americans as they browse domestic websites."

That last bit of research is potentially the most concerning. Although the NSA has claimed over and over again that it only targets foreign communications, Mayer has been able to show that even when we visit a domestic web page, much of our traffic is sent abroad.

"Your browser is chatty, it talks to lots and lots of servers as you load a web page," Mayer explains. In just a few minutes in the coffee shop he demonstrates how much ordinary browser traffic goes outside the U.S.

"He has managed to affect the public policy discussion in a way that no one I can think of at that career stage has done," says Edward Felten, a professor of computer science and public policy at Princeton.

Felten says Mayer is smart and curious, and "one of the best computer scientists of his graduating class, even though he was not a computer science major."

At Princeton, Mayer majored in public policy, and then, as he describes it, he slipped past the gatekeepers at Stanford who normally would have prevented someone from entering both the law and computer science graduate schools. In December, the same month he was cited by the White House panel, he was still studying for the bar.

Mayer has interned at the Electronic Frontier Foundation, the San Francisco-based group that acts as an ACLU for the online world. But he also worked with the California Department of Justice on a privacy initiative, and he says he is only "tangentially involved" in hacking.

He isn't even an unequivocal supporter of Snowden. "I would not be inclined to throw the book at the guy. I would also not be inclined to give the guy a free pass," he says. "So, yeah, it's an uneasy middle ground."

Nevertheless, Mayer says the process of reading through thousands of pages of Foreign Intelligence Surveillance Court filings has undermined some of the assumptions he built up studying the law.

"Law school builds up all these intuitions about how government interacts with the law and what remedies look like when government breaks the law," he says. The way the NSA seems to operate, he says, "inverts the notion of law … the do-first-and-ask-for-statute-later [approach], and this really strange, secret constitutional precedent."

"It's more like a legal papering over," he says. "I think within the legal set there is increasingly a sense that something's gone horribly awry."

Mayer says some of the intermediate reforms proposed -- like equipping the surveillance court with a technological expert who might be able to advise it on the NSA's claims -- sound like worthy steps forward. But ultimately, he believes, the legal inversion he has discovered through his work must be reversed.

Going forward, Mayer says, "the onus should be on the NSA to justify their surveillance programs."

"If the NSA needs new authority, it should go to Congress."

Also on HuffPost:

Conservatives Pointing Fingers
Suggest a correction
Comments

CONVERSATIONS